Some security access control systems implement location based security policies (sometimes referred to as geo-location security). Such geo-location security can offer increased (or relaxed) access constraints when the subject (user) is within the geo-location boundary. Geo-location security policies are typically specified using maps or other similar representations of a physical space. A location of the subject is referenced against this map and appropriate security measures can be taken. The location of the subject is typically determined using a location sensing technology (e.g., GPS, WiFi, GPRS, Bluetooth, etc.) that can be triangulated.
Triangulation methods, however, are an approximation of an actual location. More specifically, triangulation methods provide a relatively poor approximation of an actual geometric shape, within which a geo-location policy is intended to protect. Furthermore, variations in radio broadcast strength as well as variations in receiver reception can affect the accuracy of the estimated location of the subject. More particularly, the actual subject location (with respect to the resources to be protected within a geometric area) may differ from the determined or reported location due to the above stated considerations.
A difference between an actual location and a determined location can result in misapplication of geo-location security policies. For example, access may be granted when it should not have been or access may be denied when it should have been granted. The former is a security policy violation and the later is an inconvenience to the user. Users may respond to inconveniences by violating security settings in order to improve convenience. Hence, both examples often result in violations of security policies.
It is with respect to these and other considerations that the embodiments described herein are needed.